Blockchain Can Combat Malware, But It Can Also Spread It


New forms of “crypto-malware” are also infecting target systems, not to steal data or launch DDoS attacks but to secretly mine crypto. This code can often go undetected for months, if not years, never doing any real damage but hijacking resources. Can blockchain be a weapon against these attacks?

Blockchain is seen by many as a haven for cryptocurrency spam and other types of financial crimes. But it also has the capacity to thwart these activities by providing a traceable, irremovable trail of events right back to their origins.

This can prove to be a valuable resource in the fight against malware and cyberattacks in general, particularly those that seek to compromise the data contained in the blockchain itself.

But it can also be used to spread malware to others, and the purveyors of these attacks are becoming increasingly adept at hiding their tracks once their code has been triggered.

Avoiding DNS Checks

One key problem, according to Dutch cyber security firm Delft, is an emerging means of using blockchain to generate random domain names when searching for a command and control server.

Under normal circumstances, malware that generates candidate domain names issues many DNS lookups, most of which fail. Those failures show up as NXDOMAIN errors that network monitoring systems can spot easily before the attack is launched.

By reading transaction information in a blockchain instead, however, malware like the Cerber ransomware is able to locate and communicate with its command and control server without triggering an NXDOMAIN error, making it much more difficult to spot until it’s too late. Essentially, blockchain provides an all-new back-channel to its owner, one that leaves even the most sophisticated network analysis tools in the dark.
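The NXDOMAIN burst detection the article describes, as an added example (not code from the original article or from the Delft researchers), run over constructed resolver log lines in a simplified "timestamp client qname rcode" format that is an assumption for this example:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed resolver log lines (not a real product's format). Client 10.0.0.7
# behaves like domain-generating malware: a burst of failed lookups, then a hit.
SAMPLE_LOG = """\
2024-05-01T10:00:01 10.0.0.5 www.example.com NOERROR
2024-05-01T10:00:02 10.0.0.7 qxzvbnmk.com NXDOMAIN
2024-05-01T10:00:02 10.0.0.7 plrtgwqa.net NXDOMAIN
2024-05-01T10:00:03 10.0.0.7 mnvcxzlk.org NXDOMAIN
2024-05-01T10:00:03 10.0.0.5 mail.example.com NOERROR
2024-05-01T10:00:04 10.0.0.7 zzqwerty.info NXDOMAIN
2024-05-01T10:00:05 10.0.0.7 hjklasdf.biz NXDOMAIN
2024-05-01T10:00:06 10.0.0.7 c2host.example NOERROR
2024-05-01T10:05:00 10.0.0.9 typo-domain.cmo NXDOMAIN
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")

def parse_line(line):
    """Return (timestamp, client, qname, rcode) or None for an unparseable line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qname, rcode = m.groups()
    return datetime.fromisoformat(ts), client, qname, rcode

def nxdomain_bursts(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {client: [distinct failed names]} for every client whose NXDOMAIN
    count inside any sliding time window reaches the threshold."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[3] == "NXDOMAIN":
            events[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for client, recs in events.items():
        recs.sort()
        start = 0
        for end in range(len(recs)):
            # Slide the window start forward until it spans at most `window`.
            while recs[end][0] - recs[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[client] = sorted({name for _, name in recs[start:end + 1]})
                break
    return flagged
```

A single typo from 10.0.0.9 stays below the threshold; a client that resolves its server through blockchain data would produce no burst at all, which is exactly the blind spot the article points to.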



New Kind of Network Manipulation

Perhaps the most serious blockchain-based attack arose earlier this year. Dubbed NKAbuse, it used the NKN (New Kind of Network) protocol to exchange data between peers on blockchains.

This allowed it to launch DDoS attacks and other forms of mischief against Linux systems, primarily using the Go programming language that is becoming increasingly popular for blockchain applications.

NKN was likely chosen as the carrier because of its wide node base (more than 62,000 at last count) and its ability to act as an overlay on the TCP/IP stack, giving it the entire internet to play around in.

And as part of a blockchain, its central controller remains well-hidden, giving it robust reliability and anonymity as it expands over time.


Silent Threats

New forms of “crypto-malware” are also infecting target systems, not to steal data or launch DDoS attacks but to secretly mine crypto. This code can often go undetected for months, if not years, never doing any real damage but hijacking resources to drive up costs and lower productivity for their owners.


The full extent of crypto-malware’s impact on the economy is difficult to estimate, given that it works at a much lower threat-level than ransomware or other forms of malicious code.

But as the value of crypto rises, we can expect more secret mining software to make its way onto both business and consumer systems and devices, further weakening our ability to leverage digital resources to their fullest extent.


The Answer?

Being the versatile technology that it is, there are ways blockchain can be leveraged to thwart all of these forms of malware – but it will take a fair bit of coordination. Researchers from BMS College of Engineering in India recently described a system in which blockchains around the world can be linked to a central database to instantly determine if any downloadable code is malicious or not.

The idea is based on standard anti-virus software, which typically runs checks against databases established by their developers.

With blockchain being so ubiquitous, however, this concept needs to be expanded on a global scale, with mechanisms put in place to continuously update the database as new code, both good and bad, enters circulation.

Meanwhile, the integrity of the database can be maintained in the same manner as all other blockchains: massive distribution across hardened nodes. Yes, this is a big job, but as the research team puts it, this is “the need of the hour.”
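The tamper-evident verdict database the researchers propose, as an added example (not the BMS College team's system): a hash-chained, append-only ledger of file hashes and verdicts, with an integrity check before every lookup. The record layout, field names and sample file bytes are assumptions constructed for this example.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor for the first entry

def _entry_hash(prev_hash, payload):
    # Each entry commits to its predecessor, so editing any record breaks the chain.
    data = prev_hash + json.dumps(payload, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()

class VerdictLedger:
    """Append-only chain of {sha256 of file, verdict, reporting source} records."""
    def __init__(self):
        self.entries = []

    def append(self, file_sha256, verdict, source):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        payload = {"sha256": file_sha256, "verdict": verdict, "source": source}
        self.entries.append({"prev": prev, "payload": payload,
                             "hash": _entry_hash(prev, payload)})

    def verify(self):
        """True only if every entry still links to and hashes over its predecessor."""
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or _entry_hash(e["prev"], e["payload"]) != e["hash"]:
                return False
            prev = e["hash"]
        return True

    def lookup(self, file_sha256):
        # Newest entry wins: a verdict is revised by appending, never by editing.
        for e in reversed(self.entries):
            if e["payload"]["sha256"] == file_sha256:
                return e["payload"]["verdict"]
        return "unknown"

def sha256_of(data):
    return hashlib.sha256(data).hexdigest()

def check_download(ledger, data):
    """Refuse to answer from a ledger whose chain no longer verifies."""
    if not ledger.verify():
        raise ValueError("ledger integrity check failed")
    return ledger.lookup(sha256_of(data))

def demo():
    ledger = VerdictLedger()
    good, bad = b"constructed benign installer", b"constructed malicious payload"
    ledger.append(sha256_of(good), "benign", "vendor-A")
    ledger.append(sha256_of(bad), "malicious", "vendor-B")
    verdicts = tuple(check_download(ledger, d) for d in (good, bad, b"never seen"))
    ledger.entries[1]["payload"]["verdict"] = "benign"  # in-place tampering
    return verdicts, ledger.verify()
```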

The Bottom Line

It shouldn’t come as a big surprise that blockchain is as vulnerable to manipulation as any other digital environment.

Its anonymity and peer-to-peer architecture are designed to foster widespread adoption and streamlined operations.

But now that its key vulnerabilities are starting to come to light, there should be a concerted effort to shut them down before they can be exploited on a massive scale.

Distributed ledger technology stands to drive global economic activity and push the creation and distribution of wealth to new heights. It would be a shame if this were to suddenly collapse because the technology can no longer be trusted.



Arthur Cole

Arthur Cole is a freelance technology journalist who has been covering IT and enterprise developments for more than 20 years. He contributes to a wide variety of leading technology web sites, including IT Business Edge, Enterprise Networking Planet, Point B and Beyond and multiple vendor services.